Onboarding a Kubernetes cluster to Azure Arc

nillsf Azure, DevOps, Kubernetes, Management, Open Source

Azure Arc is part of Microsoft’s vision for a successful hybrid cloud deployments and management. Arc enables consistent management of your IT estate across multi-cloud, hybrid and edge deployments. What Arc enables is the use of Azure management and policy tools to manage and secure your IT estate.

Currently, there are three solutions announced that are part of Azure Arc:

  • Arc for Servers: allows you to manage physical and virtual servers on-prem or in other clouds.
  • Arc for Kubernetes: allows you to manage kubernetes clusters anywhere.
  • Arc for Data Services: deploy azure managed data services on-prem and in other clouds.

I’ve had an action item on my todo list to explore Arc in more depth for a while now. Thanks to two of my colleague for the motivation, I finally bit the bullet and got started with Arc for Kubernetes. And I have to say, it was a lot easier than I was expecting.

Part of the easiness was a great GitHub repo containing a ton of Azure Arc scenarios. Huge kudos to the team who built and manages that repo, because this was super useful for me to get started.

In this post I’ll quickly show you how you can onboard a Kubernetes cluster running on kind onto Azure Arc.

So why don’t we get started with looking at a little more depth into Arc-enabled Kubernetes?

What is Arc-enabled Kubernetes

Azure Arc-enabled Kubernetes allows you to manage non-azure Kubernetes clusters as if they were managed from Azure. This means you can leverage Azure management tools such as Azure monitor and Azure policy to manage those clusters. You also can see all of your resources through a single pane of glass – which is the Azure portal.

Additionally, arc-enabled Kubernetes also comes pre-built with a GitOps workflow built-in using Flux. Flux allows you to adopt a GitOps methodology on top of your Kubernetes clusters. GitOps refers to the ability to manage your deployments through git source control, rather than through a traditional CI/CD pipeline. Flux pulls new configuration from your git repo, rather than a CI/CD pipeline pushing it into your cluster.

For a little more in depth explanation of the capabilities, I recommend you to read this blog post on the Azure blog.

Why don’t we get started with connecting a Kubernetes cluster to Arc?

Connecting a Kubernetes cluster to Arc.

In this demonstration, I’ll be connecting a Kind cluster running on my laptop to Azure.

First up, we need to register the Arc resource providers. We’ll do this first, since this can take some time.

az provider register --namespace Microsoft.Kubernetes
az provider register --namespace Microsoft.KubernetesConfiguration

While those are registering (this can take about 10 minutes), let’s install the az CLI extensions for arc:

az extension add --name connectedk8s
az extension add --name k8sconfiguration

With those installed, we can now create a local cluster. I started with a three node kind cluster on my local machine. The kind configuration was very simple:

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
- role: worker
- role: worker

Which I then created using:

kind create cluster --config cluster.yaml

Next up, we’ll need to create a service principal. This SP is required to connect the cluster to Azure:

az ad sp create-for-rbac -n "http://nilfrankindarc" --role contributor

Next, we’ll need to create a resource group for our cluster to show up in: (Arc for kubernetes is only available in US East and West Europe for now)

az group create -l eastus -n nfarc

For easiness sake, let’s set a couple of variables that we’ll use later in the commands:

export appId='b36d5437-c642-4a89-85fa-d2be1c5f95be'
export password='XXX'
export tenantId='72f988bf-86f1-41af-91ab-2d7cd011db47'
export resourceGroup='nfarc'
export arcClusterName='nf_arc_kind'

At this point, we need to wait for the resource providers to register. Let’s give that a couple minutes until it completes:

az provider show -n Microsoft.Kubernetes -o table
az provider show -n Microsoft.KubernetesConfiguration -o table
Wait until both resource providers show as registered.

Once this is registered, we can go ahead and connect our cluster to azure:

az connectedk8s connect --name $arcClusterName --resource-group $resourceGroup

This took a couple of seconds to complete, and I now have a Kubernetes cluster in Azure that represents my kind cluster. It took a couple of seconds for all the data like Kubernetes version to show up correctly, but once the config was synced over, I could see my cluster and it’s config in the Azure portal:

My kind cluster shows up in the Azure portal.

There’s two things that are great to see in this portal blade:

  1. The GitOps integration which can be done straight from within the Azure portal. (see image below)
  2. The integration with Azure policy.
Ability to configure GitOps from within the Azure portal.

Let’s also have a look at everything that get’s deployed as part of Azure Arc:

The resources deployed by Arc-enabled Kubernetes.

As you can see, a number of items get deployed as part of Azure Arc-enabled Kubernetes:

  1. Cluster-metadata operator
  2. Cluster identity operator
  3. Configuration agent
  4. Controller manager
  5. Flux-logs-agent
  6. Metrics-agent
  7. Resource-sync-agent

Next steps

Up to now we’ve taken an existing kubernetes cluster and onboarded it to Azure Arc. In a future post I’ll explore how to apply Azure policies to that cluster and deploy applications using GitOps.

Summary

In this blog post we’ve taken a quick look into Arc-enabled Kubernetes. We took a cluster running on kind (Kubernetes in Docker) and attached that to Azure Arc. We could see the cluster in the Azure portal, and saw the Azure Policy and GitOps integration from the Azure portal. We’ll explore both in more depth in a future post.

Leave a Reply